Checking UNIX/LINUX Systems for Signs of Compromise - UCL
Aims

One of the main aims of this document is to address the lack of documentation concerning concrete actions to be taken when dealing with a compromised *nix system. The document tries to be as generic as possible, so for a specific platform you may find that platform's own tools are better suited.

A secondary goal is to explain methods of examining this information with tools. Using these tools we can then:
• investigate the system
• find the points of entry and the type of compromise
• identify areas for further investigation and issues for attention.